package com.chenyuxin.ilp.security.auth.password;

import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.StrUtil;
import com.chenyuxin.ilp.model.enums.exception.ExceptionEnums;
import com.chenyuxin.ilp.security.auth.handler.LoginException;
import com.chenyuxin.ilp.model.entity.user.User;
import com.chenyuxin.ilp.model.enums.exception.UserExceptionEnums;
import com.chenyuxin.ilp.model.enums.db.user.UserStatus;
import com.chenyuxin.ilp.model.vo.user.UserLoginVo;
import com.chenyuxin.ilp.service.user.CaptchaService;
import com.chenyuxin.ilp.service.user.Impl.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
public class PasswordAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private UserServiceImpl userService;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private CaptchaService captchaService;
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof PasswordAuthentication)) {
            throw new LoginException(ExceptionEnums.SYSTEM_ERROR);
        }
        PasswordAuthentication passwordAuthentication = (PasswordAuthentication) authentication;
        // 拿到拦截器中的存在Authentication中的用户名密码
        String username = (String)passwordAuthentication.getPrincipal();
        String captchaKey = (String)passwordAuthentication.getExtraParam("captchaKey");
        String captcha = (String)passwordAuthentication.getExtraParam("captcha");
        String password = (String)passwordAuthentication.getCredentials();
        if(!captchaService.verifyCaptcha(captchaKey,captcha)){
            throw new LoginException(UserExceptionEnums.CAPTCHA_ERROR);
        }
        // 校验用户名密码
        User user = userService.selectByUsernameOrPhone(username);
        // 判断账用户是否注册过
        if(user==null){
            throw new LoginException(UserExceptionEnums.ACCOUNT_OR_PHONE_NOT_EXIST);
        }
        if(StrUtil.isBlank(user.getPassword())){
            throw new LoginException(UserExceptionEnums.NOT_ALLOW_PASSWORD);
        }
        // 判断用户名密码是否正确
        if(!passwordEncoder.matches(password,user.getPassword())){
            throw new LoginException(UserExceptionEnums.USERNAME_OR_PASSWORD_ERROR);
        }
        // 判断账号是否被封禁
        if(user.getStatus().equals(UserStatus.DISABLED.getCode())){
            throw new LoginException(UserExceptionEnums.ACCOUNT_BANDED);
        }
        // 通过Authentication将用于制作token的用户信息传递出去
        UserLoginVo userLoginVo = BeanUtil.copyProperties(user, UserLoginVo.class);
        PasswordAuthentication submitAuthentication = new PasswordAuthentication();
        submitAuthentication.setCurrentUser(userLoginVo);
        submitAuthentication.setPassword(null);
        submitAuthentication.setAuthenticated(true);
        return submitAuthentication;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.isAssignableFrom(PasswordAuthentication.class);
    }
}
